using sa-learn on spam attachements

Kosta Lekas KLekas at FOXRIVER.COM
Tue Sep 13 19:27:09 IST 2005 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Matt Kettler
Sent: Tuesday, September 13, 2005 12:44 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: using sa-learn on spam attachements

Greg Matthews wrote:
> is it ok to use sa-learn to learn spam from mail that has been
delivered
> as attachement? ie message arrives from mailscanner with the spam
> included as attachment. Can I then:
> 
> sa-learn --spam -p /etc/MailScanner/spam.assassin.conf \
> 	--dbpath /etc/MailScanner/bayes/bayes \
> 	--mbox < spam.mbx
> 
> or do I need to strip all the attachments out and feed them through
> seperately?

You need to strip the attachments and feed those in.

> 
> I found this on the wiki:
> "It's OK to feed emails with Spamassassin markup into the sa-learn
> command -- sa-learn will ignore any standard Spamassassin headers, and
> if the original email has been encapsulated into an attachment it will
> decapsulate the email. In other words sa-learn will undo any changes
> which Spamassassin has done before learning the spam/ham character of
> the email."

Caveat: Decapsulation works the same as header stripping. SA will only
decapsulate the mail if SA did the encapsulation.

> 
> which sounds good but then:
> "If you or any upstream service has added any additional headers to
the
> emails which may mislead Bayes, those should probably be removed
before
> feeding the email to sa-learn. Alternatively, use the
> bayes_ignore_header setting in your local.cf (as detailed in the man
> page for Mail::SpamAssassin::Conf)."
> 
> sounds bad as MS has added in headers....

Not only that, but SA didn't generate the encapsulation, MailScanner
did. SA can
ONLY undo it's own markups and encapsulations, because SA knows it's own
configuration and can recognize it's own changes as a result.

SA cannot undo markups or encapsulations done by MS, or any other tool,
because
it doesn't know what was done.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

I would use ripmime program to remove the attachments 

Kosta Lekas

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list